Application level gateway based on universal parser

US 20040088425A1
Filed: 10/31/2002
Published: 05/06/2004
Est. Priority Date: 10/31/2002
Status: Abandoned Application

First Claim

Patent Images

1. An Application Level Gateway (ALG) for providing protocol validation in a data transmission network, comprising:

a) a transmission controller for controlling data flow between the ALG, a server and a client;

b) a universal parser coupled to said transmission controller, for parsing all data flowing between said server and said client, and through the ALG; and

c) a parser plug-in, connected to said universal parser, said plug-in containing a formal syntax description of a predetermined data transmission protocol;

said ALG is operable for providing protocol validation by comparing the parsed data with the formal syntax description of the predetermined data transmission protocol contained in said plug-in.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An Application Level Gateway (ALG) based on an universal parser, in a data transmission network. This ALG enables all data flow of an application level protocol to be checked for concordance with the formal syntax description of the data transmission protocol, and with a security policy. The ALG contains a transmission controller, universal parser, and at least one parser plug-in for each universal parser. This parser plug-in is specific to the data transmission protocol, and can be automatically created from the formal syntax description of a data transmission protocol. A security policy (rules, restrictions) can be implemented in the parser plug-in and/or in the settings.

64 Citations

View as Search Results

22 Claims

1. An Application Level Gateway (ALG) for providing protocol validation in a data transmission network, comprising:
- a) a transmission controller for controlling data flow between the ALG, a server and a client;
  
  b) a universal parser coupled to said transmission controller, for parsing all data flowing between said server and said client, and through the ALG; and
  
  c) a parser plug-in, connected to said universal parser, said plug-in containing a formal syntax description of a predetermined data transmission protocol;
  
  said ALG is operable for providing protocol validation by comparing the parsed data with the formal syntax description of the predetermined data transmission protocol contained in said plug-in.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The ALG according to claim 1, wherein there is a plurality of universal parsers coupled to said transmission controller, such that the universal parsers are chained to a data flow between said server and said client.
  - 3. The ALG according to claim 1, wherein said universal parser recognizes transmission of an executable software module and is operable to prohibit said transmission.
  - 4. The ALG according to claim 1, wherein said universal parser recognizes transmission of script text and is operable to prohibit said transmission.
  - 5. The ALG according to claim 3, wherein said universal parser checks said transmitted executable software module for the presence of malicious code.
  - 6. The ALG according to claim 4, wherein said universal parser checks said transmitted script text for the presence of malicious code.
  - 7. The ALG according to claim 1, wherein said parser plug-in is created from a formal syntax description of a data transmission protocol.

8. A method for enabling an Application Level Gateway (ALG) to validate protocols in a data transmission network, comprising:
- i. providing an ALG between a server and a client in the network;
  
  ii. configuring a universal parser and a parser plug-in in said ALG, for analyzing data flow of an application level protocol through said ALG, said parser plug-in containing a formal description of said data transfer protocol; and
  
  iii. validating said data flow of application level protocol, by comparing data flowing through said ALG for compatibility with the formal syntax description of said data transmission protocol.
- View Dependent Claims (9, 10, 11)
- - 9. The method according to claim 8, wherein validating of data flow further includes validating data flow for compatibility with a security policy.
  - 10. The method according to claim 8, wherein said plug-in is created according to a formal syntax description of said data transmission protocol by transformation of said description to an executable module.
  - 11. The method according to claim 8, wherein said plug-in is created according to a relevant security policy of an application level protocol by transformation of said description of said security policy to an executable module.

12. An Application Level Gateway (ALG) for providing protocol validation in a one-way simplex data transmission network, comprising:
- a) a transmission controller for controlling data flow between a sender, the ALG and a receiver;
  
  b) a universal parser coupled to said transmission controller, for parsing all data flowing between said sender and said receiver, and through the ALG; and
  
  c) a parser plug-in, connected to said universal parser, said plug-in containing a formal syntax description of a predetermined data transmission protocol;
  
  said ALG is operable for providing protocol validation by comparing the parsed data with the formal syntax description of the predetermined data transmission protocol.

13. An Application Level Gateway (ALG) for providing protocol validation in a data transmission network, comprising:
- a) a transmission controller for controlling data flow between the ALG and a server;
  
  b) a universal parser coupled to said transmission controller, for parsing all data flowing between the ALG and said server; and
  
  c) a parser plug-in, connected to said universal parser, said plug-in containing a formal syntax description of a predetermined data transmission protocol, said ALG is operable for providing protocol validation by comparing the parsed data with the formal syntax description of the predetermined data transmission protocol.

14. An Application Level Gateway (ALG) for providing protocol validation in a data transmission network, comprising:
- a) a transmission controller for controlling data flow between the ALG and a client;
  
  b) a universal parser coupled to said transmission controller, for parsing all data flowing between the ALG and said client; and
  
  c) a parser plug-in, connected to said universal parser, said plug-in containing a formal syntax description of a predetermined data transmission protocol, said ALG is operable for providing protocol validation by comparing the parsed data with the formal syntax description of the predetermined data transmission protocol.

15. A method for providing validation of a predetermined protocol in an ALG, comprising:
- parsing data flowing through the ALG;
  
  determining compatibiliy with the predetermined protocol by comparing the parsed data with a pluggable format syntax description of the predetermined protocol.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, further comprising:
    - prohibiting the data from flowing from the ALG if the parsed data is determined not to be compatible with the predetermined protocol.
  - 17. The method of claim 16, wherein the ALG is provided between a server and a client.
  - 18. The method of claim 15, wherein a data path exists between a server and a client and through the ALG.

19. A system for validating a response from a client computer, relative to a request from a server computer, the system comprising:
- an Application Level Gateway (ALG) configured to parse the client response, compare the parsed response with a plug-in module containing a syntax description of a predetermined protocol, and based on the comparison ascertain whether the client response is valid with respect to the predetermined protocol.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein the ALG is further configured such that if the client response is not valid, then the ALG prohibits transmission of the client response from the ALG.

21. A system for validating an output from a server computer, the system comprising:
- an Application Level Gateway (ALG) configured to parse the server output, compare the server output with a plug-in module containing a syntax description of a predetermined protocol, and based on the comparison ascertain whether the server output is valid with respect to the predetermined protocol.
- View Dependent Claims (22)
- - 22. The system of claim 21, wherein the ALG is further configured such that if the server output is not valid, then the ALG prohibits transmission of the server output from the ALG.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Comverse Limited (Mavenir Group Holdings Ltd.)
Original Assignee
Comverse Limited (Mavenir Group Holdings Ltd.)
Inventors
Gutin, Joseph, Novoselsky, Alexander, Genshaft, Igor, Rubinstein, Dmitry

Application Number

US10/284,320
Publication Number

US 20040088425A1
Time in Patent Office

Days
Field of Search
US Class Current

709/230
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/20   for managing network securi...

H04L 67/2871   Implementation details of s...

H04L 67/56   Provisioning of proxy servi...

H04L 67/564   Enhancement of application ...

H04L 69/22   Parsing or analysis of headers

H04L 69/329   in the application layer [O...

Application level gateway based on universal parser

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

64 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Application level gateway based on universal parser

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links